During vCenter Server upgrade to VCF 9.0, an administrator will get the following pre-check error message to remove the IWA Identity source:

Please remove all Identity Sources with type Active Directory (Integrated Windows Authentication) before proceeding https://knowledge.broadcom.com/external/article?articleId=373005

VCF 9.0
vCenter Server 7.x
vCenter Server 8.x

VCF 9.0 removes the support for the IWA Identity Source from the vCenter Server Single Sign On.

Before upgrading to VCF 9.0, an existing vCenter Server Appliance from an older version must remove the existing IWA Identity Source. The vCenter Server administrator must manually remove the IWA Identity Source and ensure alternative authentication. Customers can use MFA through federated authentication. See here for more information on Configuring vCenter Server Identity Provider Federation.

Follow below steps to remove the IWA Identity Source on vCenter Server. 

• Log in with the vSphere Client to the vCenter Server.
• Specify the user name and password for [email protected] or another member of the vCenter Single Sign-On Administrators group.
• Navigate to the Configuration UI
• From the Home menu, select Administration.
  • Under Single Sign On, click Configuration.
  • Under the Identity Provider tab, click Identity Sources.
• In the Identity Sources tab, select the Identity source with type Active Directory (Integrated Windows Authentication).
• Click Remove. Click OK to confirm the removal.